Virus eu par msn

Bonjour,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

voila le rapport de VundoFix



-----------------------------------

Celui de HiJackThis

Re,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Voila le rapport de combofix


"Arto" - 2007-07-07 14:24:33 - ComboFix 07-07-07.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\eduvxebo.exe
C:\WINDOWS\system32\ekwsrmtf.exe
C:\WINDOWS\system32\onmhmjbx.exe
C:\WINDOWS\system32\qrmikisv.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Arto\APPLIC~1.\macromedia\Flash Player\#SharedObjects\3D5L87JC\www.broadcaster.com
C:\DOCUME~1\Arto\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Arto\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 14:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 13:55 <REP> d-------- C:\VundoFix Backups
2007-07-07 01:57 50,708 --a------ C:\WINDOWS\system32\orafyhuh.exe
2007-07-07 00:53 <REP> d-------- C:\Program Files\MSN Messenger
2007-07-06 21:19 58,016 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-07-06 21:19 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-07-06 21:15 <REP> d-------- C:\Program Files\a-squared Free
2007-07-06 21:11 <REP> d-------- C:\WINDOWS\4DCA27399D164B55808CE72CD70A5BD3.TMP
2007-07-06 21:06 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-06 20:37 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-07-06 20:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Fichiers communs\Network Associates
2007-07-06 13:15 <REP> d-------- C:\Program Files\Lavasoft
2007-07-06 13:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-05 12:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-04 21:33 269 --a------ C:\winsft.exe
2007-07-04 12:43 154,507 --a------ C:\winsfr.exe
2007-07-03 01:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-03 01:30 200 --a------ C:\winbbs.exe
2007-06-30 21:44 <REP> d-------- C:\Program Files\Ventrilo
2007-06-30 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-30 21:41 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Ventrilo
2007-06-27 12:11 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-27 12:11 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-27 12:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-27 12:10 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-27 12:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-27 12:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-27 12:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-27 12:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-27 12:09 94,208 --a------ C:\WINDOWS\amcap.exe
2007-06-27 12:09 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-06-25 00:24 <REP> d-------- C:\Program Files\Cyanide
2007-06-22 11:58 406,888 --a------ C:\WINDOWS\system32\pr2agqwc.exe
2007-06-22 11:57 64,616 --a------ C:\WINDOWS\system32\drivers\pe3agqwc.sys
2007-06-22 11:57 54,896 --a------ C:\WINDOWS\system32\drivers\ps6agqwc.sys
2007-06-18 19:43 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\InstallShield
2007-06-18 19:34 <REP> d-------- C:\Program Files\NCSoft
2007-06-18 19:00 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\GetRightToGo
2007-06-14 13:26 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-14 13:26 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-14 13:26 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-14 13:26 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-14 13:26 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-14 13:26 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-14 13:26 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-14 13:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-14 13:26 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Media Player Classic
2007-06-14 13:20 <REP> d-------- C:\Program Files\Ripp-it_AM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 12:26:04 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\Skype
2007-07-07 12:24:35 106 ----a-w C:\WINDOWS\system32\inetda.dll
2007-07-07 00:20:10 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-07-06 22:52:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-06 13:06:03 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\teamspeak2
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 15:07:33 -------- d-----w C:\Program Files\Dofus
2007-05-29 17:50:50 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\OpenOffice.org2
2007-05-09 15:41:53 -------- d-----w C:\Program Files\Dijjer
2007-05-05 16:40:38 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-28 20:08:27 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18C7A6B2-BF51-49B3-BCF8-B7CD9436661D}]
C:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 C:\WINDOWS\system32\sstray.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05]
"Steam"="d:\games\steam\steam.exe" [2007-06-28 06:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 19:44]
"DAEMON Tools"="D:\Program files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:07]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c659ceea-22b7-11dc-a7ed-806d6172696f}]
AutoRun\command- E:\Autorun.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 14:27:42
Windows 5.1.2600 Service Pack 2 NTFS

-----------------------------------------

Il a aussi generer un fichier text appelé " combofix-quarantined files"

le voila

2007-07-03 17:41 89 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Arto\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-07-04 14:43 4628 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\eduvxebo.exe.vir
2007-07-05 14:40 4628 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ekwsrmtf.exe.vir
2007-07-06 14:46 4628 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\onmhmjbx.exe.vir
2007-07-07 02:00 4628 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qrmikisv.exe.vir
2007-07-07 14:25 1098 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
2007-07-07 14:25 2956 --a------ C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf


Structure du dossier
Le num‚ro de s‚rie du volume est CC51-09EF
C:\QOOBOX
\---Quarantine
+---C
| +---DOCUME~1
| | \---Arto
| | \---APPLIC~1
| | \---Macromedia
| | \---Flash Player
| | \---macromedia.com
| | \---support
| | \---flashplayer
| | \---sys
| | \---#www.broadcaster.com
| | settings.sol.vir
| |
| \---WINDOWS
| \---system32
| eduvxebo.exe.vir
| ekwsrmtf.exe.vir
| onmhmjbx.exe.vir
| qrmikisv.exe.vir
|
\---Registry_backups
LEGACY_DOMAINSERVICE.reg.cf
services_DomainService.reg.cf

Utilise l'ancienne version d'Hijackthis :
http://www.merijn.org/files/hijackthis.zip

Voila


Logfile of HijackThis v1.99.1
Scan saved at 16:04:03, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\games\steam\steam.exe
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TheTurtle\TheTurtle.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\DAoC Portal\DAoCPortal.exe
D:\Games\Catacombs\game.dll
D:\Program files\Teamspeak2_RC2\TeamSpeak.exe
c:\winsfr.exe
C:\Documents and Settings\Arto\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18C7A6B2-BF51-49B3-BCF8-B7CD9436661D} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe

Re,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.

Redémarre en mode sans échec

Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.

Appuie sur Y pour commencer le processus de nettoyage.

Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

Appuie sur une touche pour redémarrer le PC.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.

Voila le Report.text


SDFix: Version 1.90

Run by Arto on 07/07/2007 at 18:06

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\Temp\removalfile.bat - Deleted



Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------
C:\WINDOWS\Temp\removalfile.bat Found

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Messenger\thelordadrien@hotmail.com\Sharing Folders\ploghr@hotmail.fr\Thumbs.db
C:\WINDOWS\system32\dllcache\winmga.exe
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished


--------------------------------------------

Et le nouveau log Hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 18:16:46, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllcache\winmga.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\games\steam\steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TheTurtle\TheTurtle.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Arto\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18C7A6B2-BF51-49B3-BCF8-B7CD9436661D} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\hgggdef.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: hgggdef - C:\WINDOWS\SYSTEM32\hgggdef.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe

Refais un scan Combofix.

Voila le nouveau scan combofix


"Arto" - 2007-07-07 18:49:47 - ComboFix 07-07-07.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\cbxxvtu.dll
C:\WINDOWS\system32\fylvfppv.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\igesqmov.dll
C:\WINDOWS\system32\pmnolkk.dll
C:\WINDOWS\system32\pihmmult.exe
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\vomqsegi.ini
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\hgggdef.dll
C:\WINDOWS\system32\vtsqo.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 18:55 30,770 --a------ C:\winpga.exe
2007-07-07 18:55 26,171 --a------ C:\WINDOWS\system32\xxyxvvt.dll
2007-07-07 18:27 50,708 --a------ C:\WINDOWS\system32\fijwogwm.exe
2007-07-07 18:06 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-07 14:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 13:55 <REP> d-------- C:\VundoFix Backups
2007-07-07 01:57 50,708 --a------ C:\WINDOWS\system32\orafyhuh.exe
2007-07-07 00:53 <REP> d-------- C:\Program Files\MSN Messenger
2007-07-06 21:19 58,016 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-07-06 21:19 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-07-06 21:15 <REP> d-------- C:\Program Files\a-squared Free
2007-07-06 21:11 <REP> d-------- C:\WINDOWS\4DCA27399D164B55808CE72CD70A5BD3.TMP
2007-07-06 21:06 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-06 20:37 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-07-06 20:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Fichiers communs\Network Associates
2007-07-06 13:15 <REP> d-------- C:\Program Files\Lavasoft
2007-07-06 13:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-05 12:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-04 21:33 269 --a------ C:\winsft.exe
2007-07-04 12:43 209,533 --a------ C:\winsfr.exe
2007-07-03 01:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-03 01:30 200 --a------ C:\winbbs.exe
2007-06-30 21:44 <REP> d-------- C:\Program Files\Ventrilo
2007-06-30 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-30 21:41 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Ventrilo
2007-06-27 12:11 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-27 12:11 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-27 12:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-27 12:10 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-27 12:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-27 12:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-27 12:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-27 12:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-27 12:09 94,208 --a------ C:\WINDOWS\amcap.exe
2007-06-27 12:09 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-06-25 00:24 <REP> d-------- C:\Program Files\Cyanide
2007-06-22 11:58 406,888 --a------ C:\WINDOWS\system32\pr2agqwc.exe
2007-06-22 11:57 64,616 --a------ C:\WINDOWS\system32\drivers\pe3agqwc.sys
2007-06-22 11:57 54,896 --a------ C:\WINDOWS\system32\drivers\ps6agqwc.sys
2007-06-18 19:43 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\InstallShield
2007-06-18 19:34 <REP> d-------- C:\Program Files\NCSoft
2007-06-18 19:00 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\GetRightToGo
2007-06-14 13:26 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-14 13:26 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-14 13:26 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-14 13:26 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-14 13:26 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-14 13:26 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-14 13:26 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-14 13:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-14 13:26 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Media Player Classic
2007-06-14 13:20 <REP> d-------- C:\Program Files\Ripp-it_AM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 16:55:33 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\Skype
2007-07-07 16:35:16 24 ----a-w C:\WINDOWS\system32\msttxl16.dll
2007-07-07 13:20:29 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\teamspeak2
2007-07-07 00:20:10 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-07-06 22:52:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 15:07:33 -------- d-----w C:\Program Files\Dofus
2007-05-29 17:50:50 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\OpenOffice.org2
2007-05-09 15:41:53 -------- d-----w C:\Program Files\Dijjer
2007-05-05 16:40:38 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-28 20:08:27 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18C7A6B2-BF51-49B3-BCF8-B7CD9436661D}]
C:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 C:\WINDOWS\system32\sstray.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05]
"Steam"="d:\games\steam\steam.exe" [2007-06-28 06:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 19:44]
"DAEMON Tools"="D:\Program files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F4002052-AB29-4B33-8C8D-0E99084564EC}"="C:\WINDOWS\system32\xxyxvvt.dll" [2007-07-07 18:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxvvt]
xxyxvvt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c659ceea-22b7-11dc-a7ed-806d6172696f}]
AutoRun\command- E:\Autorun.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 18:54:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\xxyxvvt.dll

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-07-07 18:56:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-07 18:56
C:\ComboFix2.txt ... 2007-07-07 14:28

--- E O F ---

Reposte un rapport Hijackthis.

voila


Logfile of HijackThis v1.99.1
Scan saved at 19:45:07, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\games\steam\steam.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TheTurtle\TheTurtle.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Documents and Settings\Arto\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18C7A6B2-BF51-49B3-BCF8-B7CD9436661D} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xxyxvvt - C:\WINDOWS\SYSTEM32\xxyxvvt.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe

Refais un scan Combofix, on attaque  

le voici


"Arto" - 2007-07-07 20:09:11 - ComboFix 07-07-07.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\xxyxvvt.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 20:12 26,171 --a------ C:\WINDOWS\system32\gebbcca.dll
2007-07-07 20:12 26,171 --a------ C:\WINDOWS\system32\fccaaxv.dll
2007-07-07 18:55 30,770 --------- C:\winpga.exe
2007-07-07 18:27 50,708 --a------ C:\WINDOWS\system32\fijwogwm.exe
2007-07-07 18:06 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-07 14:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 13:55 <REP> d-------- C:\VundoFix Backups
2007-07-07 01:57 50,708 --a------ C:\WINDOWS\system32\orafyhuh.exe
2007-07-07 00:53 <REP> d-------- C:\Program Files\MSN Messenger
2007-07-06 21:19 58,016 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-07-06 21:19 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-07-06 21:15 <REP> d-------- C:\Program Files\a-squared Free
2007-07-06 21:11 <REP> d-------- C:\WINDOWS\4DCA27399D164B55808CE72CD70A5BD3.TMP
2007-07-06 21:06 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-06 20:37 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-07-06 20:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Fichiers communs\Network Associates
2007-07-06 13:15 <REP> d-------- C:\Program Files\Lavasoft
2007-07-06 13:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-05 12:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-04 21:33 269 --a------ C:\winsft.exe
2007-07-04 12:43 209,533 --a------ C:\winsfr.exe
2007-07-03 01:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-03 01:30 200 --a------ C:\winbbs.exe
2007-06-30 21:44 <REP> d-------- C:\Program Files\Ventrilo
2007-06-30 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-30 21:41 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Ventrilo
2007-06-27 12:11 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-27 12:11 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-27 12:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-27 12:10 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-27 12:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-27 12:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-27 12:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-27 12:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-27 12:09 94,208 --a------ C:\WINDOWS\amcap.exe
2007-06-27 12:09 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-06-25 00:24 <REP> d-------- C:\Program Files\Cyanide
2007-06-22 11:58 406,888 --a------ C:\WINDOWS\system32\pr2agqwc.exe
2007-06-22 11:57 64,616 --a------ C:\WINDOWS\system32\drivers\pe3agqwc.sys
2007-06-22 11:57 54,896 --a------ C:\WINDOWS\system32\drivers\ps6agqwc.sys
2007-06-18 19:43 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\InstallShield
2007-06-18 19:34 <REP> d-------- C:\Program Files\NCSoft
2007-06-18 19:00 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\GetRightToGo
2007-06-14 13:26 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-14 13:26 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-14 13:26 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-14 13:26 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-14 13:26 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-14 13:26 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-14 13:26 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-14 13:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-14 13:26 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Media Player Classic
2007-06-14 13:20 <REP> d-------- C:\Program Files\Ripp-it_AM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 18:14:19 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\Skype
2007-07-07 18:09:15 24 ----a-w C:\WINDOWS\system32\msttxl16.dll
2007-07-07 13:20:29 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\teamspeak2
2007-07-07 00:20:10 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-07-06 22:52:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 15:07:33 -------- d-----w C:\Program Files\Dofus
2007-05-29 17:50:50 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\OpenOffice.org2
2007-05-09 15:41:53 -------- d-----w C:\Program Files\Dijjer
2007-05-05 16:40:38 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-28 20:08:27 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18C7A6B2-BF51-49B3-BCF8-B7CD9436661D}]
C:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 C:\WINDOWS\system32\sstray.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05]
"Steam"="d:\games\steam\steam.exe" [2007-06-28 06:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 19:44]
"DAEMON Tools"="D:\Program files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F4002052-AB29-4B33-8C8D-0E99084564EC}"="C:\WINDOWS\system32\gebbcca.dll" [2007-07-07 20:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcca]
gebbcca.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c659ceea-22b7-11dc-a7ed-806d6172696f}]
AutoRun\command- E:\Autorun.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 20:13:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 20:15:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-07 20:15
C:\ComboFix2.txt ... 2007-07-07 18:56
C:\ComboFix3.txt ... 2007-07-07 14:28

--- E O F ---

Re,

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Voila le rapport combofix


"Arto" - 2007-07-07 20:35:38 - ComboFix 07-07-07.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Arto\Bureau\CFScript.txt


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\fccaaxv.dll
C:\WINDOWS\system32\gebbcca.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\fccaaxv.dll
C:\WINDOWS\system32\gebbcca.dll
C:\WINDOWS\system32\orafyhuh.exe
C:\winpga.exe


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 20:39 30,770 --a------ C:\winpga.exe
2007-07-07 20:39 26,171 --a------ C:\WINDOWS\system32\rqrpqnn.dll
2007-07-07 18:27 50,708 --a------ C:\WINDOWS\system32\fijwogwm.exe
2007-07-07 18:06 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-07 14:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 13:55 <REP> d-------- C:\VundoFix Backups
2007-07-07 00:53 <REP> d-------- C:\Program Files\MSN Messenger
2007-07-06 21:19 58,016 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-07-06 21:19 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-07-06 21:15 <REP> d-------- C:\Program Files\a-squared Free
2007-07-06 21:11 <REP> d-------- C:\WINDOWS\4DCA27399D164B55808CE72CD70A5BD3.TMP
2007-07-06 21:06 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-06 20:37 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-07-06 20:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Fichiers communs\Network Associates
2007-07-06 13:15 <REP> d-------- C:\Program Files\Lavasoft
2007-07-06 13:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-05 12:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-04 21:33 269 --a------ C:\winsft.exe
2007-07-04 12:43 209,533 --a------ C:\winsfr.exe
2007-07-03 01:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-03 01:30 200 --a------ C:\winbbs.exe
2007-06-30 21:44 <REP> d-------- C:\Program Files\Ventrilo
2007-06-30 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-30 21:41 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Ventrilo
2007-06-27 12:11 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-27 12:11 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-27 12:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-27 12:10 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-27 12:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-27 12:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-27 12:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-27 12:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-27 12:09 94,208 --a------ C:\WINDOWS\amcap.exe
2007-06-27 12:09 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-06-25 00:24 <REP> d-------- C:\Program Files\Cyanide
2007-06-22 11:58 406,888 --a------ C:\WINDOWS\system32\pr2agqwc.exe
2007-06-22 11:57 64,616 --a------ C:\WINDOWS\system32\drivers\pe3agqwc.sys
2007-06-22 11:57 54,896 --a------ C:\WINDOWS\system32\drivers\ps6agqwc.sys
2007-06-18 19:43 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\InstallShield
2007-06-18 19:34 <REP> d-------- C:\Program Files\NCSoft
2007-06-18 19:00 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\GetRightToGo
2007-06-14 13:26 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-14 13:26 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-14 13:26 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-14 13:26 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-14 13:26 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-14 13:26 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-14 13:26 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-14 13:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-14 13:26 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Media Player Classic
2007-06-14 13:20 <REP> d-------- C:\Program Files\Ripp-it_AM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 18:39:22 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\Skype
2007-07-07 18:35:42 106 ----a-w C:\WINDOWS\system32\inetda.dll
2007-07-07 13:20:29 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\teamspeak2
2007-07-07 00:20:10 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-07-06 22:52:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 15:07:33 -------- d-----w C:\Program Files\Dofus
2007-05-29 17:50:50 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\OpenOffice.org2
2007-05-09 15:41:53 -------- d-----w C:\Program Files\Dijjer
2007-05-05 16:40:38 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-28 20:08:27 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 C:\WINDOWS\system32\sstray.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05]
"Steam"="d:\games\steam\steam.exe" [2007-06-28 06:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 19:44]
"DAEMON Tools"="D:\Program files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F4002052-AB29-4B33-8C8D-0E99084564EC}"="C:\WINDOWS\system32\rqrpqnn.dll" [2007-07-07 20:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrpqnn]
rqrpqnn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c659ceea-22b7-11dc-a7ed-806d6172696f}]
AutoRun\command- E:\Autorun.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 20:39:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 20:40:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-07 20:40
C:\ComboFix2.txt ... 2007-07-07 20:15
C:\ComboFix3.txt ... 2007-07-07 18:56

--- E O F ---


--------------------------------------

Et celui de hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 20:43:01, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\games\steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TheTurtle\TheTurtle.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Arto\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqrpqnn - C:\WINDOWS\SYSTEM32\rqrpqnn.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe

Recommence avec ce script :

Et voila le combofix

"Arto" - 2007-07-07 20:53:58 - ComboFix 07-07-07.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Arto\Bureau\CFScript.txt


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rqrpqnn.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\fijwogwm.exe
C:\WINDOWS\system32\rqrpqnn.dll
C:\winpga.exe


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 20:58 26,171 --a------ C:\WINDOWS\system32\mljklii.dll
2007-07-07 20:57 30,770 --a------ C:\winpga.exe
2007-07-07 18:06 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-07 14:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 13:55 <REP> d-------- C:\VundoFix Backups
2007-07-07 00:53 <REP> d-------- C:\Program Files\MSN Messenger
2007-07-06 21:19 58,016 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-07-06 21:19 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-07-06 21:15 <REP> d-------- C:\Program Files\a-squared Free
2007-07-06 21:11 <REP> d-------- C:\WINDOWS\4DCA27399D164B55808CE72CD70A5BD3.TMP
2007-07-06 21:06 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-06 20:37 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-07-06 20:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Fichiers communs\Network Associates
2007-07-06 13:15 <REP> d-------- C:\Program Files\Lavasoft
2007-07-06 13:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-05 12:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-04 21:33 269 --a------ C:\winsft.exe
2007-07-04 12:43 209,533 --a------ C:\winsfr.exe
2007-07-03 01:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-03 01:30 200 --a------ C:\winbbs.exe
2007-06-30 21:44 <REP> d-------- C:\Program Files\Ventrilo
2007-06-30 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-30 21:41 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Ventrilo
2007-06-27 12:11 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-27 12:11 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-27 12:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-27 12:10 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-27 12:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-27 12:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-27 12:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-27 12:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-27 12:09 94,208 --a------ C:\WINDOWS\amcap.exe
2007-06-27 12:09 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-06-25 00:24 <REP> d-------- C:\Program Files\Cyanide
2007-06-22 11:58 406,888 --a------ C:\WINDOWS\system32\pr2agqwc.exe
2007-06-22 11:57 64,616 --a------ C:\WINDOWS\system32\drivers\pe3agqwc.sys
2007-06-22 11:57 54,896 --a------ C:\WINDOWS\system32\drivers\ps6agqwc.sys
2007-06-18 19:43 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\InstallShield
2007-06-18 19:34 <REP> d-------- C:\Program Files\NCSoft
2007-06-18 19:00 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\GetRightToGo
2007-06-14 13:26 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-14 13:26 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-14 13:26 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-14 13:26 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-14 13:26 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-14 13:26 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-14 13:26 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-14 13:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-14 13:26 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Media Player Classic
2007-06-14 13:20 <REP> d-------- C:\Program Files\Ripp-it_AM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 18:57:47 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\Skype
2007-07-07 18:54:01 106 ----a-w C:\WINDOWS\system32\inetda.dll
2007-07-07 13:20:29 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\teamspeak2
2007-07-07 00:20:10 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-07-06 22:52:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 15:07:33 -------- d-----w C:\Program Files\Dofus
2007-05-29 17:50:50 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\OpenOffice.org2
2007-05-09 15:41:53 -------- d-----w C:\Program Files\Dijjer
2007-05-05 16:40:38 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-28 20:08:27 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 C:\WINDOWS\system32\sstray.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05]
"Steam"="d:\games\steam\steam.exe" [2007-06-28 06:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 19:44]
"DAEMON Tools"="D:\Program files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F4002052-AB29-4B33-8C8D-0E99084564EC}"="C:\WINDOWS\system32\mljklii.dll" [2007-07-07 20:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljklii]
mljklii.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c659ceea-22b7-11dc-a7ed-806d6172696f}]
AutoRun\command- E:\Autorun.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 20:57:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\EMSY4AGMSY4BHNTZ
C:\WINDOWS\system32\mljklii.dll

scan completed successfully
hidden files: 2

**************************************************************************

Completion time: 2007-07-07 20:59:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-07 20:59
C:\ComboFix2.txt ... 2007-07-07 20:40
C:\ComboFix3.txt ... 2007-07-07 20:15

--- E O F ---

---------------------------------

Et le Hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 21:00:22, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\games\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TheTurtle\TheTurtle.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Arto\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mljklii - C:\WINDOWS\SYSTEM32\mljklii.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe

Il revient  
Installe un antivirus comme Antivir puis fais un scan complet.

Oki le scan est en cours merci  

Voila le rapport d'antivir apres le scan




AntiVir PersonalEdition Classic
Report file date: samedi 7 juillet 2007 21:27

Scanning for 740715 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Arto
Computer name: ADRIEN

Version information:
BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 13:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 13:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 13:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 13:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 07:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 7 juillet 2007 21:27

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'winmga.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VsTskMgr.exe' - '1' Module(s) have been scanned
Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned
Scan process 'Mcshield.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'TheTurtle.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'steam.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'shstat.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Start scanning boot sectors:
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '26' files ).


Starting the file scan:

Begin scan in 'A:\'
Search path A:\ could not be opened!
Paramètre incorrect.

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\system32\fylvfppv.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '46fbede9.qua'!
C:\VundoFix Backups\ragmiasv.dll.bad
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '46f6ede0.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: samedi 7 juillet 2007 22:01
Used time: 33:48 min

The scan has been done completely.

7163 Scanning directories
294522 Files were scanned
2 viruses and/or unwanted programs were found
2 classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
294518 Files not concerned
2296 Archives were scanned
3 Warnings
0 Notes
0 Hidden objects were found

Refais un scan Combofix.

Voila le combofix


"Arto" - 2007-07-07 22:15:46 - ComboFix 07-07-07.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\oqlbsjce.dll
C:\WINDOWS\system32\oiiipgxo.exe
C:\WINDOWS\system32\ecjsblqo.ini
C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\mljklii.dll
C:\WINDOWS\system32\ssttr.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 22:21 26,171 --a------ C:\WINDOWS\system32\xxywwvv.dll
2007-07-07 22:21 26,171 --a------ C:\WINDOWS\system32\opnkkji.dll
2007-07-07 21:28 50,708 --a------ C:\WINDOWS\system32\htdjsfgn.exe
2007-07-07 21:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-07-07 20:57 30,770 --------- C:\winpga.exe
2007-07-07 18:06 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-07 14:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 13:55 <REP> d-------- C:\VundoFix Backups
2007-07-07 00:53 <REP> d-------- C:\Program Files\MSN Messenger
2007-07-06 21:19 58,016 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-07-06 21:19 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-07-06 21:15 <REP> d-------- C:\Program Files\a-squared Free
2007-07-06 21:11 <REP> d-------- C:\WINDOWS\4DCA27399D164B55808CE72CD70A5BD3.TMP
2007-07-06 21:06 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-06 20:37 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-07-06 20:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Network Associates
2007-07-06 20:32 <REP> d-------- C:\Program Files\Fichiers communs\Network Associates
2007-07-06 13:15 <REP> d-------- C:\Program Files\Lavasoft
2007-07-06 13:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-05 12:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-04 21:33 269 --a------ C:\winsft.exe
2007-07-04 12:43 209,533 --a------ C:\winsfr.exe
2007-07-03 01:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-03 01:30 200 --a------ C:\winbbs.exe
2007-06-30 21:44 <REP> d-------- C:\Program Files\Ventrilo
2007-06-30 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-30 21:41 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Ventrilo
2007-06-27 12:11 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-27 12:11 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-27 12:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-27 12:10 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-27 12:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-27 12:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-27 12:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-27 12:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-27 12:09 94,208 --a------ C:\WINDOWS\amcap.exe
2007-06-27 12:09 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-06-25 00:24 <REP> d-------- C:\Program Files\Cyanide
2007-06-22 11:58 406,888 --a------ C:\WINDOWS\system32\pr2agqwc.exe
2007-06-22 11:57 64,616 --a------ C:\WINDOWS\system32\drivers\pe3agqwc.sys
2007-06-22 11:57 54,896 --a------ C:\WINDOWS\system32\drivers\ps6agqwc.sys
2007-06-18 19:43 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\InstallShield
2007-06-18 19:34 <REP> d-------- C:\Program Files\NCSoft
2007-06-18 19:00 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\GetRightToGo
2007-06-14 13:26 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-14 13:26 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-14 13:26 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-14 13:26 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-14 13:26 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-14 13:26 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-14 13:26 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-14 13:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-14 13:26 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Media Player Classic
2007-06-14 13:20 <REP> d-------- C:\Program Files\Ripp-it_AM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 20:22:53 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\Skype
2007-07-07 20:15:49 754 ----a-w C:\WINDOWS\system32\msxwnet32.dll
2007-07-07 20:15:49 106 ----a-w C:\WINDOWS\system32\inetda.dll
2007-07-07 13:20:29 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\teamspeak2
2007-07-07 00:20:10 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-07-06 22:52:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 15:07:33 -------- d-----w C:\Program Files\Dofus
2007-05-29 17:50:50 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\OpenOffice.org2
2007-05-09 15:41:53 -------- d-----w C:\Program Files\Dijjer
2007-05-05 16:40:38 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-28 20:08:27 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 C:\WINDOWS\system32\sstray.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05]
"Steam"="d:\games\steam\steam.exe" [2007-06-28 06:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 19:44]
"DAEMON Tools"="D:\Program files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F4002052-AB29-4B33-8C8D-0E99084564EC}"="C:\WINDOWS\system32\xxywwvv.dll" [2007-07-07 22:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwvv]
xxywwvv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c659ceea-22b7-11dc-a7ed-806d6172696f}]
AutoRun\command- E:\Autorun.exe

*Newly Created Service* - SSMDRV

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 22:21:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 22:23:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-07 22:23
C:\ComboFix2.txt ... 2007-07-07 20:59
C:\ComboFix3.txt ... 2007-07-07 20:40

--- E O F ---

Comprends pas  

Fais un scan en ligne Kaspersky avec Internet Explorer :

Clique sur

Clique maintenant sur J'accepte.

Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.

Patiente pendant l'installation des Mises à jour.

Choisis par la suite l'analyse du Poste de travail

Sauvegarde puis colle le rapport généré en fin d'analyse.

AIDE : Tuto sur le scan en ligne

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

oki je fais ca et je te le post merci beaucoup  

Et voila

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, July 08, 2007 12:26:06 AM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 7/07/2007
Enregistrements dans la base antivirus Kaspersky : 337270
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
F:\

Statistiques de l'analyse:
Total d'objets analysés: 114535
Nombre de virus trouvés: 4
Nombre d'objets infectés: 71 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:23:52

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\formhistory.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\history.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\search.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\call256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\callmember256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\chat512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\chatmember256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\chatmsg256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\chatmsg512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\contactgroup256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\dyncontent\bundle.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\index2.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\profile256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\user1024.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\user16384.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\user256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\voicemail256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\Perflib_Perfdata_8cc.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\Perflib_Perfdata_8e8.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\Perflib_Perfdata_af0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\~DFCC95.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\~DFE3CC.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\HP\hpcoretech\hpcmerr.log L'objet est verrouillé ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\eduvxebo.exe.vir Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\ekwsrmtf.exe.vir Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\fijwogwm.exe.vir Infecté : Trojan.Win32.Agent.aoy ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\oiiipgxo.exe.vir Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\onmhmjbx.exe.vir Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\orafyhuh.exe.vir Infecté : Trojan.Win32.Agent.aoy ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\pihmmult.exe.vir Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\qrmikisv.exe.vir Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP234\A0202288.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP234\A0202288.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP234\A0202288.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP234\A0202288.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP237\A0202579.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP237\A0202579.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP237\A0202579.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP237\A0202579.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0206583.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0206583.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0206583.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0206583.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0207582.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0207582.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0207582.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0207582.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0207587.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207592.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207593.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207617.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207617.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207617.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207617.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP245\A0213726.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP245\A0213727.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP246\A0213769.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP246\A0213770.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213812.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213813.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213849.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213849.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213849.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213849.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213865.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213865.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213865.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213865.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0214865.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0214865.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0214865.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0214865.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215865.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215865.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215865.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215865.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215912.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215912.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215912.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215912.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215928.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215929.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215930.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215931.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0216233.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0216310.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP249\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\dllcache\winmga.exe Infecté : Backdoor.Win32.VanBot.dk ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\gwqqpyhj.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\htdjsfgn.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\WINDOWS\system32\vnpxqfnc.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\winsfr.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\winsfr.exe AutoIt: infecté - 1 ignoré
C:\winsfr.exe UPX: infecté - 1 ignoré
C:\winsfr.exe PE_Patch.UPX: infecté - 1 ignoré
D:\Games\Steam\Steam.log L'objet est verrouillé ignoré
D:\Games\Steam\SteamApps\winui.gcf L'objet est verrouillé ignoré
D:\Games\Steam\SteamLogs\SteamStats.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP249\change.log L'objet est verrouillé ignoré

Analyse terminée.

Re,

Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Sélectionne TOUS les emplacements en gras ci-dessous :

C:\QooBox
C:\WINDOWS\system32\dllcache\winmga.exe
C:\WINDOWS\system32\gwqqpyhj.exe
C:\WINDOWS\system32\htdjsfgn.exe
C:\WINDOWS\system32\vnpxqfnc.exe
C:\winsfr.exe

---> Clique-droit puis Copier (ou Ctrl+C)

Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
Clique maintenant sur [#ff0000]MoveIt![/#f]

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

->Informations sur le logiciel<-

Et voila

C:\QooBox\Quarantine\Registry_backups moved successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\QooBox\Quarantine\C\WINDOWS moved successfully.
C:\QooBox\Quarantine\C\DOCUME~1\Arto\APPLIC~1\Macromedia\Flash Player moved successfully.
C:\QooBox\Quarantine\C\DOCUME~1\Arto\APPLIC~1\Macromedia moved successfully.
C:\QooBox\Quarantine\C\DOCUME~1\Arto\APPLIC~1 moved successfully.
C:\QooBox\Quarantine\C\DOCUME~1\Arto moved successfully.
C:\QooBox\Quarantine\C\DOCUME~1 moved successfully.
C:\QooBox\Quarantine\C moved successfully.
C:\QooBox\Quarantine moved successfully.
C:\QooBox moved successfully.
C:\WINDOWS\system32\dllcache\winmga.exe moved successfully.
C:\WINDOWS\system32\gwqqpyhj.exe moved successfully.
C:\WINDOWS\system32\htdjsfgn.exe moved successfully.
C:\WINDOWS\system32\vnpxqfnc.exe moved successfully.
C:\winsfr.exe moved successfully.

Created on 07/08/2007 15:25:09

Reposte un rapport Hijackthis.

Et voila

Logfile of HijackThis v1.99.1
Scan saved at 16:17:19, on 08/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\vnpxqfnc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\games\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\TheTurtle\TheTurtle.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\DAoC Portal\DAoCPortal.exe
C:\Documents and Settings\Arto\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\vmhamiit.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vnpxqfnc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe

Renomme Hijackthis.exe en Scanner.exe puis poste un rapport.

Tadam !

Logfile of HijackThis v1.99.1
Scan saved at 16:22:35, on 08/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\vnpxqfnc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\games\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\TheTurtle\TheTurtle.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Arto\Bureau\HiJackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B14C04B1-56F5-44B5-8DC9-B0C97085BF1F} - C:\WINDOWS\system32\sstts.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\xxywwvv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\vmhamiit.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll
O20 - Winlogon Notify: xxywwvv - C:\WINDOWS\SYSTEM32\xxywwvv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vnpxqfnc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe

Re,

1/ Télécharge The Avenger (par Swandog46) sur ton Bureau.
Dézippe-le ensuite sur ton Bureau.

2/ Copie tout le texte en rouge[/#f] ci-dessous :

Citation :

[#ff1c00]Files to delete:
C:\WINDOWS\System32\sstts.dll
C:\WINDOWS\System32\sttss.bak
C:\WINDOWS\System32\sttss.bak1
C:\WINDOWS\System32\sttss.bak2
C:\WINDOWS\System32\sttss.ini
C:\WINDOWS\System32\sttss.ini1
C:\WINDOWS\System32\sttss.ini2
C:\WINDOWS\System32\sttss.tmp
C:\WINDOWS\System32\xxywwvv.dll
C:\WINDOWS\System32\vvwwyxx.bak
C:\WINDOWS\System32\vvwwyxx.bak1
C:\WINDOWS\System32\vvwwyxx.bak2
C:\WINDOWS\System32\vvwwyxx.ini
C:\WINDOWS\System32\vvwwyxx.ini1
C:\WINDOWS\System32\vvwwyxx.ini2
C:\WINDOWS\System32\vvwwyxx.tmp
C:\WINDOWS\system32\opnkkji.dll
C:\WINDOWS\system32\htdjsfgn.exe
C:\winpga.exe
C:\winsft.exe
C:\winsfr.exe
C:\winbbs.exe
C:\WINDOWS\system32\vmhamiit.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B14C04B1-56F5-44B5-8DC9-B0C97085BF1F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4002052-AB29-4B33-8C8D-0E99084564EC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GPLv3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxywwvv

---> Clique-droit puis Copier

Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

3/ Maintenant, lance The Avenger en cliquant sur l'icône présente sur le Bureau.
Sous "Script file to execute" choisis "Input Script Manually".
Puis clique sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
Dans cette fenêtre, colle le texte précedemment copié sur le bureau.
Clique sur "Done"
Ensuite clique sur l'icône en forme de Feu Vert pour démarrer l'exécution du script.
Réponds par "Yes" deux fois quand cela te sera demandé.

4/ The Avenger va automatiquement faire ce qui suit :
Il va redémarrer le système. ( Dans les cas où le script contient un/des "Drivers to Unload", The Avenger redémarrera votre système 2 fois)
Pendant le redémarrage, il apparaitra brièvement une fenêtre de commande de Windows noire sur votre bureau, ceci est NORMAL.
Après le redémarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici : C:\avenger\backup.zip.

5/ Pour finir copie/colle le contenu du ficher c:\avenger.txt dans votre réponse avec un nouveau rapport HijackThis.

Voila le rapport Avenger


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hwlpnifg

*******************

Script file located at: \??\C:\Documents and Settings\ypddlaml.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\sstts.dll deleted successfully.


File C:\WINDOWS\System32\sttss.bak not found!
Deletion of file C:\WINDOWS\System32\sttss.bak failed!

Could not process line:
C:\WINDOWS\System32\sttss.bak
Status: 0xc0000034

File C:\WINDOWS\System32\sttss.bak1 deleted successfully.


File C:\WINDOWS\System32\sttss.bak2 not found!
Deletion of file C:\WINDOWS\System32\sttss.bak2 failed!

Could not process line:
C:\WINDOWS\System32\sttss.bak2
Status: 0xc0000034

File C:\WINDOWS\System32\sttss.ini deleted successfully.


File C:\WINDOWS\System32\sttss.ini1 not found!
Deletion of file C:\WINDOWS\System32\sttss.ini1 failed!

Could not process line:
C:\WINDOWS\System32\sttss.ini1
Status: 0xc0000034



File C:\WINDOWS\System32\sttss.ini2 not found!
Deletion of file C:\WINDOWS\System32\sttss.ini2 failed!

Could not process line:
C:\WINDOWS\System32\sttss.ini2
Status: 0xc0000034



File C:\WINDOWS\System32\sttss.tmp not found!
Deletion of file C:\WINDOWS\System32\sttss.tmp failed!

Could not process line:
C:\WINDOWS\System32\sttss.tmp
Status: 0xc0000034

File C:\WINDOWS\System32\xxywwvv.dll deleted successfully.


File C:\WINDOWS\System32\vvwwyxx.bak not found!
Deletion of file C:\WINDOWS\System32\vvwwyxx.bak failed!

Could not process line:
C:\WINDOWS\System32\vvwwyxx.bak
Status: 0xc0000034



File C:\WINDOWS\System32\vvwwyxx.bak1 not found!
Deletion of file C:\WINDOWS\System32\vvwwyxx.bak1 failed!

Could not process line:
C:\WINDOWS\System32\vvwwyxx.bak1
Status: 0xc0000034



File C:\WINDOWS\System32\vvwwyxx.bak2 not found!
Deletion of file C:\WINDOWS\System32\vvwwyxx.bak2 failed!

Could not process line:
C:\WINDOWS\System32\vvwwyxx.bak2
Status: 0xc0000034



File C:\WINDOWS\System32\vvwwyxx.ini not found!
Deletion of file C:\WINDOWS\System32\vvwwyxx.ini failed!

Could not process line:
C:\WINDOWS\System32\vvwwyxx.ini
Status: 0xc0000034



File C:\WINDOWS\System32\vvwwyxx.ini1 not found!
Deletion of file C:\WINDOWS\System32\vvwwyxx.ini1 failed!

Could not process line:
C:\WINDOWS\System32\vvwwyxx.ini1
Status: 0xc0000034



File C:\WINDOWS\System32\vvwwyxx.ini2 not found!
Deletion of file C:\WINDOWS\System32\vvwwyxx.ini2 failed!

Could not process line:
C:\WINDOWS\System32\vvwwyxx.ini2
Status: 0xc0000034



File C:\WINDOWS\System32\vvwwyxx.tmp not found!
Deletion of file C:\WINDOWS\System32\vvwwyxx.tmp failed!

Could not process line:
C:\WINDOWS\System32\vvwwyxx.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\opnkkji.dll deleted successfully.


File C:\WINDOWS\system32\htdjsfgn.exe not found!
Deletion of file C:\WINDOWS\system32\htdjsfgn.exe failed!

Could not process line:
C:\WINDOWS\system32\htdjsfgn.exe
Status: 0xc0000034



File C:\winpga.exe not found!
Deletion of file C:\winpga.exe failed!

Could not process line:
C:\winpga.exe
Status: 0xc0000034

File C:\winsft.exe deleted successfully.


File C:\winsfr.exe not found!
Deletion of file C:\winsfr.exe failed!

Could not process line:
C:\winsfr.exe
Status: 0xc0000034

File C:\winbbs.exe deleted successfully.
File C:\WINDOWS\system32\vmhamiit.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B14C04B1-56F5-44B5-8DC9-B0C97085BF1F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4002052-AB29-4B33-8C8D-0E99084564EC} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GPLv3 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GPLv3 failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstts deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxywwvv deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



---------------------------------

Et celui Hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 16:42:49, on 08/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\games\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TheTurtle\TheTurtle.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Arto\Bureau\HiJackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\vmhamiit.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vnpxqfnc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe

Refais un scan Combofix.

Le voila

"Arto" - 2007-07-08 19:34:40 - ComboFix 07-07-07.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtrqqn.dll
C:\WINDOWS\system32\cbxywvs.dll
C:\WINDOWS\system32\ddcaaba.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


2007-07-08 03:45 <REP> d-------- C:\Program Files\MSN Messenger
2007-07-07 21:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-07-07 18:06 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-07 14:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 13:55 <REP> d-------- C:\VundoFix Backups
2007-07-06 21:15 <REP> d-------- C:\Program Files\a-squared Free
2007-07-06 21:06 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-06 20:37 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-07-06 13:15 <REP> d-------- C:\Program Files\Lavasoft
2007-07-06 13:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-05 12:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-03 01:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-30 21:44 <REP> d-------- C:\Program Files\Ventrilo
2007-06-30 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-30 21:41 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Ventrilo
2007-06-27 12:11 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-27 12:11 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-27 12:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-27 12:10 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-27 12:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-27 12:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-27 12:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-27 12:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-27 12:09 94,208 --a------ C:\WINDOWS\amcap.exe
2007-06-27 12:09 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-06-25 00:24 <REP> d-------- C:\Program Files\Cyanide
2007-06-22 11:58 406,888 --a------ C:\WINDOWS\system32\pr2agqwc.exe
2007-06-22 11:57 64,616 --a------ C:\WINDOWS\system32\drivers\pe3agqwc.sys
2007-06-22 11:57 54,896 --a------ C:\WINDOWS\system32\drivers\ps6agqwc.sys
2007-06-18 19:43 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\InstallShield
2007-06-18 19:34 <REP> d-------- C:\Program Files\NCSoft
2007-06-18 19:00 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\GetRightToGo
2007-06-14 13:26 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-14 13:26 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-14 13:26 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-14 13:26 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-14 13:26 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-14 13:26 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-14 13:26 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-14 13:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-14 13:26 <REP> d-------- C:\DOCUME~1\Arto\APPLIC~1\Media Player Classic
2007-06-14 13:20 <REP> d-------- C:\Program Files\Ripp-it_AM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 17:39:12 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\Skype
2007-07-08 16:32:21 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\teamspeak2
2007-07-07 00:20:10 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-07-06 22:52:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 15:07:33 -------- d-----w C:\Program Files\Dofus
2007-05-29 17:50:50 -------- d-----w C:\DOCUME~1\Arto\APPLIC~1\OpenOffice.org2
2007-05-09 15:41:53 -------- d-----w C:\Program Files\Dijjer
2007-05-05 16:40:38 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-28 20:08:27 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 C:\WINDOWS\system32\sstray.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Steam"="d:\games\steam\steam.exe" [2007-06-28 06:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 19:44]
"DAEMON Tools"="D:\Program files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:07]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c659ceea-22b7-11dc-a7ed-806d6172696f}]
AutoRun\command- E:\Autorun.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 19:38:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-08 19:40:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-08 19:40
C:\ComboFix2.txt ... 2007-07-07 22:23
C:\ComboFix3.txt ... 2007-07-07 20:59

--- E O F ---

Reposte un rapport Hijackthis.

voilou



Logfile of HijackThis v1.99.1
Scan saved at 20:05:16, on 08/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\games\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TheTurtle\TheTurtle.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Arto\Bureau\HiJackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe

Re,

Fais un scan en ligne Kaspersky avec Internet Explorer :

Clique sur

Clique maintenant sur J'accepte.

Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.

Patiente pendant l'installation des Mises à jour.

Choisis par la suite l'analyse du Poste de travail

Sauvegarde puis colle le rapport généré en fin d'analyse.

AIDE : Tuto sur le scan en ligne

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

LE voila


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, July 08, 2007 9:50:40 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 8/07/2007
Enregistrements dans la base antivirus Kaspersky : 337478
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
F:\

Statistiques de l'analyse:
Total d'objets analysés: 115001
Nombre de virus trouvés: 3
Nombre d'objets infectés: 59 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:06:07

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\formhistory.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\history.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\search.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\call256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\callmember256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\chat512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\chatmember256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\chatmsg256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\chatmsg512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\contactgroup256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\dyncontent\bundle.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\index2.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\profile256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\user1024.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\user16384.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\user256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Application Data\Skype\arto921\voicemail256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Messenger\thelordadrien@hotmail.com\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Messenger\thelordadrien@hotmail.com\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Messenger\thelordadrien@hotmail.com\SharingMetadata\Working\database_F6CC_514E_CC51_9EF\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Messenger\thelordadrien@hotmail.com\SharingMetadata\Working\database_F6CC_514E_CC51_9EF\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Messenger\thelordadrien@hotmail.com\SharingMetadata\Working\database_F6CC_514E_CC51_9EF\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Messenger\thelordadrien@hotmail.com\SharingMetadata\Working\database_F6CC_514E_CC51_9EF\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Windows Live Contacts\thelordadrien@hotmail.com\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Microsoft\Windows Live Contacts\thelordadrien@hotmail.com\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Application Data\Mozilla\Firefox\Profiles\etkkdute.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Historique\History.IE5\MSHist012007070820070709\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\Perflib_Perfdata_3b0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\Perflib_Perfdata_e88.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\Perflib_Perfdata_e94.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\~DF3823.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\~DF5A84.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\~DF5A97.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\~DFA44D.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\~DFE4FE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temp\~DFE52D.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Arto\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\HP\hpcoretech\hpcmerr.log L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP234\A0202288.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP234\A0202288.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP234\A0202288.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP234\A0202288.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP237\A0202579.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP237\A0202579.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP237\A0202579.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP237\A0202579.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0206583.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0206583.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0206583.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0206583.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0207582.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0207582.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0207582.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0207582.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP238\A0207587.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207592.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207593.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207617.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207617.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207617.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP239\A0207617.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP245\A0213726.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP245\A0213727.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP246\A0213769.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP246\A0213770.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213812.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213813.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213849.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213849.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213849.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213849.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213865.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213865.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213865.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0213865.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0214865.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0214865.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0214865.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0214865.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215865.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215865.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215865.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215865.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215912.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215912.exe AutoIt: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215912.exe UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215912.exe PE_Patch.UPX: infecté - 1 ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215928.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215929.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215930.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0215931.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0216233.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP247\A0216310.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP251\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\_OTMoveIt\MovedFiles\QooBox\Quarantine\C\WINDOWS\system32\igesqmov.dll.vir L'objet est verrouillé ignoré
C:\_OTMoveIt\MovedFiles\winsfr.exe/script.au3 Infecté : IM-Worm.Win32.Agent.d ignoré
C:\_OTMoveIt\MovedFiles\winsfr.exe AutoIt: infecté - 1 ignoré
C:\_OTMoveIt\MovedFiles\winsfr.exe UPX: infecté - 1 ignoré
C:\_OTMoveIt\MovedFiles\winsfr.exe PE_Patch.UPX: infecté - 1 ignoré
D:\Games\Steam\Steam.log L'objet est verrouillé ignoré
D:\Games\Steam\SteamApps\counter-strike.gcf L'objet est verrouillé ignoré
D:\Games\Steam\SteamApps\day of defeat.gcf L'objet est verrouillé ignoré
D:\Games\Steam\SteamApps\half-life engine.gcf L'objet est verrouillé ignoré
D:\Games\Steam\SteamApps\half-life.gcf L'objet est verrouillé ignoré
D:\Games\Steam\SteamApps\platform.gcf L'objet est verrouillé ignoré
D:\Games\Steam\SteamApps\sourceinit.gcf L'objet est verrouillé ignoré
D:\Games\Steam\SteamApps\winui.gcf L'objet est verrouillé ignoré
D:\Games\Steam\SteamLogs\SteamStats.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{BBBD0687-4DF4-4990-AD2C-41A5D6580429}\RP251\change.log L'objet est verrouillé ignoré

Analyse terminée.

Désactive puis réactive la restauration du système.

je fait ca comment plz ?

Google ?  
http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...

Voila c'est fait  

Des questions ?

C'est fini ?  

Oui ;-)

Oki cool je vais relancer msn alors ^^

Merci beaucoup pour ta vitesse de reponse angeldark puisque j'ai vu que tu avais pas mal de boulot ^^ Je te remercies tres fort